Using IT in forensic science is no longer restricted to the realm of sci-fi. It can help the government and agencies in cracking cases like those arising from the Panama Papers, rising NPAs of banks and money laundering. In an interaction with Pratap Vikram Singh, Petrus Marais of KPMG talks about the need of forensics with the increasing focus on cyber security.

Is there awareness in India about cyber forensics?

India, including the public and private sector, is clearly behind in being able to deal with the [cyber] threat. In the last one year, however, it has put forth some safeguards. [This is] primarily   [because they have faced] increased cyber attacks over the last two years, which has [left] a feeling of vulnerability. Of late, many corporates have reached out to us. 

Incidence prevention is a grave area. There is a huge demand for predicting a potential threat. There are a host of mechanisms to do that – social media monitoring, website monitoring, and passing a volume of traffic through certain detectors that is put on the web.

There has been an increasing demand from the clients to know whether they have been hacked, what the hackers have stolen, who the hacker is, etc.

What are your major interventions in this area?

It starts with conducting gap analysis and risk assessment for the client. We assist them in identifying what is their level of vulnerability, the level of sophistication of their internal systems in detecting, monitoring, and preventing an attack. It [cyber threat] is far more broad-reaching than people generally think. It goes right to the level of HR policies. A major risk emanates from prolonged access to IT systems of people who are leaving an organisation. Then there is technical threat – how difficult it is to breach [a system], how regular is penetration testing and so on. KPMG does penetration testing. We do white hat hacking because the client should be able to know how good their systems are. In industries where risk is bigger, the client needs to be encouraged to look at installation of certain specific monitoring devices that can pick up extensive analytics and trends in traffic that could be indicative of potential threat building.

Is revenue generation from forensics increasing?

It is not increasing as fast as we had thought. In certain jurisdictions, for example, the US, where the client’s sense of vulnerability is more – because of a number of hacking incidents that have happened including Ashley Madison [the extramarital affairs website was hacked and details of its over 32 million users were made public] and stringent personal information legislation – the growth has been big. In other markets – and I am sure India is pretty much the same – clients are relying on internal IT teams and solutions.

Our revenue growth is expected to spike within a year. Right now, we are investing a huge amount of time in education and awareness.

How can cyber forensics help in countering money laundering?

The underlying rationale for anti-money laundering has been to combat crime and terror financing. All this falls under the forensics domain. Historically, forensic service providers were anti-money laundering advisory providers to the banks.

Who are your customers for cyber anti-money laundering?

It is primarily banks.

Are payment wallets emerging as a new channel for money laundering?

The ticket size is small and is likely to stay that way. The KYC norms required for the payment wallet are still not sophisticated. But as those numbers are growing – and they are growing rapidly – I think they [regulators] are waking up to the fact that they need to put in a sophisticated mechanism as well. Think about the commercial rationale of payment wallet. It is to deal with the unbanked and informal hawala systems that are available globally. So if you are dealing with that clientele, you are also dealing with a substantial organised crime element. I believe that it is just a matter of time when a major money laundering scam gets exposed. You are dealing with higher volume and lower value offences when it comes to prostitution, street drugs, and human trafficking. Your players in that system at the various levels are not ‘C’ level executives. It is challenging for them to bank their money. That is why the wallet system is attractive to them as it is anonymous. You can transfer from anywhere in the world, whatever the case may be.


pratap@governancenow.com

(The interview appears in the June 16-30, 2016 issue)